Description
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
Remediation
References
Related Vulnerabilities
WordPress Direct Request ('Forced Browsing') Vulnerability (CVE-2005-1688)
MySQL CVE-2015-0498 Vulnerability (CVE-2015-0498)
Drupal Data Processing Errors Vulnerability (CVE-2017-6920)
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-32873)
PostgreSQL Out-of-bounds Write Vulnerability (CVE-2019-10164)